opengoat/.github/workflows/release.yml at 1a8a8b778cb50e88bf2e0a8471ca76e0d513924e · marian2js/opengoat · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: Release

on:
  push:
    branches:
      - main

concurrency: ${{ github.workflow }}-${{ github.ref }}

jobs:
  release:
    name: Release
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      id-token: write

    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Check for Changesets
        id: check_changesets
        run: |
          if [ -n "$(find .changeset -name '*.md' -not -name 'README.md')" ]; then
            echo "has_changesets=true" >> "$GITHUB_OUTPUT"
            echo "Changesets found."
          else
            echo "has_changesets=false" >> "$GITHUB_OUTPUT"
            echo "No changesets found. Skipping release steps."
          fi

      - name: Setup pnpm
        if: steps.check_changesets.outputs.has_changesets == 'true'
        uses: pnpm/action-setup@v2

      # Trusted publishing requires a modern Node/npm toolchain.
      - name: Setup Node.js 22.14.0
        if: steps.check_changesets.outputs.has_changesets == 'true'
        uses: actions/setup-node@v4
        with:
          node-version: 22.14.0
          cache: pnpm

      - name: Install Dependencies
        if: steps.check_changesets.outputs.has_changesets == 'true'
        run: pnpm install --frozen-lockfile

      - name: Configure Git
        if: steps.check_changesets.outputs.has_changesets == 'true'
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"

      - name: Version Packages (CalVer)
        if: steps.check_changesets.outputs.has_changesets == 'true'
        run: pnpm run version-packages

      - name: Build Packages
        if: steps.check_changesets.outputs.has_changesets == 'true'
        run: pnpm run build

      - name: Pack tarballs
        if: steps.check_changesets.outputs.has_changesets == 'true'
        run: |
          mkdir -p /tmp/npm-publish
          pnpm -C packages/contracts pack --pack-destination /tmp/npm-publish
          pnpm -C packages/core pack --pack-destination /tmp/npm-publish
          pnpm -C packages/cli pack --pack-destination /tmp/npm-publish

      - name: Smoke test packed CLI
        if: steps.check_changesets.outputs.has_changesets == 'true'
        run: |
          VERSION="$(node -p "require('./packages/cli/package.json').version")"
          CONTRACTS_TGZ="/tmp/npm-publish/opengoat-contracts-${VERSION}.tgz"
          CORE_TGZ="/tmp/npm-publish/opengoat-core-${VERSION}.tgz"
          CLI_TGZ="/tmp/npm-publish/opengoat-${VERSION}.tgz"
          ./scripts/smoke-packed-cli.sh "$CONTRACTS_TGZ" "$CORE_TGZ" "$CLI_TGZ"

      - name: Publish to npm (Trusted Publishing / OIDC)
        if: steps.check_changesets.outputs.has_changesets == 'true'
        run: |
          VERSION="$(node -p "require('./packages/cli/package.json').version")"
          CONTRACTS_TGZ="/tmp/npm-publish/opengoat-contracts-${VERSION}.tgz"
          CORE_TGZ="/tmp/npm-publish/opengoat-core-${VERSION}.tgz"
          CLI_TGZ="/tmp/npm-publish/opengoat-${VERSION}.tgz"
          TAG="latest"

          echo "Publishing version: ${VERSION}"
          echo "Publishing tag: ${TAG}"
          ls -la "$CONTRACTS_TGZ" "$CORE_TGZ" "$CLI_TGZ"

          # publish @opengoat/contracts (dependency of @opengoat/core)
          npm publish "$CONTRACTS_TGZ" --access public --tag "$TAG"

          # publish @opengoat/core
          npm publish "$CORE_TGZ" --access public --tag "$TAG"

          # publish opengoat (from packages/cli, name is "opengoat")
          npm publish "$CLI_TGZ" --access public --tag "$TAG"

      - name: Push Changes + Tag
        if: steps.check_changesets.outputs.has_changesets == 'true'
        run: |
          VERSION="$(node -p "require('./packages/cli/package.json').version")"
          git add VERSION Cargo.lock Cargo.toml package.json apps/desktop/package.json apps/desktop/src-tauri/tauri.conf.json packages/contracts/package.json packages/core/package.json packages/sidecar/package.json packages/cli/package.json CHANGELOG.md .changeset
          git commit -m "chore: release ${VERSION}"
          git tag "v${VERSION}"
          git push
          git push --tags

      - name: Create GitHub Release
        if: steps.check_changesets.outputs.has_changesets == 'true'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          VERSION="$(node -p "require('./packages/cli/package.json').version")"
          NOTES_FILE="/tmp/release-notes-${VERSION}.md"

          awk -v version="$VERSION" '
            $0 ~ "^## "version"$" {capture=1; next}
            capture && $0 ~ "^## " {exit}
            capture {print}
          ' CHANGELOG.md > "$NOTES_FILE"

          if [ ! -s "$NOTES_FILE" ]; then
            echo "Failed to find changelog entry for ${VERSION}."
            exit 1
          fi

          if gh release view "v${VERSION}" >/dev/null 2>&1; then
            gh release edit "v${VERSION}" --title "v${VERSION}" --notes-file "$NOTES_FILE"
          else
            gh release create "v${VERSION}" --title "v${VERSION}" --notes-file "$NOTES_FILE"
          fi